
DNS SURVEY: APRIL 2005

This is a sub-page of the April 2005 report that includes a table of all nameserver software versions that we found.

Software Versions

For each address that sent a reply, we attempted to determine its software and version with two techniques. The first is to send a version.bind query to the address. The second is to use the fpdns tool to fingerprint the server.

The version.bind technique is simple because it is a single query/response. A BIND nameserver answers the query honestly unless the administrator has configured it to return a specific answer. Many people feel safer by obscuring the nameserver version string. Here are some of the interesting answers we received:

0x72 0x6d 0x20 0x2d 0x72 0x66 0x20 0x2f
310, btw we will consider finger print attempts malicious attempts
Secured !!! Please go away idiot lamer! ]
A good version
A secure version
BIND_or_not_BIND
Bind. James Bind. 007's the name
Do you really need to know this. If so please call me looking it up here is rude
Don't get too excited -- it's only a daemon
Function Prohibited Beeioch!
G0-AWAY-EVIL-HAX0RZ
Go away hacker!!!  You don't need that info.
I wrote this message because I need a life.  Can you guess why you found it?
My version is so secret that I even don't know what I'm running on
No chaos for you!
Security trought obscurity? No shared this version.
Shrek DNS Server.  Mean Green Naming Machine
This BIND is Non Version

Since the version.bind answer cannot always be trusted, we also use fpdns to try to determine the software version. fpdns sends a number of different queries to a nameserver and uses known quirks and behavior to deduce the version. One downside is that fpdns cannot always give specific answers. For example, it might say the software is "BIND 8.3.0-RC1 -- 8.4.4".

We give the fpdns result priority over version.bind if both return an answer. Otherwise, we assume the version.bind answer is correct if it looks like a version string. The following table shows the breakdown of software and versions based on our analysis:

Software                               Count  Percent
BIND 9                               145,091   57.13%
unknown                              123,161        -
BIND 8                                51,033   20.10%
Nominum CNS                           18,995    7.48%
Microsoft Windows 2000                16,362    6.44%
Microsoft Windows 2003                  9013    3.55%
rbldnsd                                 2764    1.09%
BIND 4                                  2400    0.95%
Cisco CNR                               2130    0.84%
totd                                    1714    0.67%
Microsoft Windows NT4                   1407    0.55%
MyDNS                                    761    0.30%
simple DNS plus                          414    0.16%
PowerDNS                                 334    0.13%
sheerdns                                 305    0.12%
dnsmasq                                  124    0.05%
pdnsd                                    116    0.05%
AXIS Network Camera                      113    0.04%
TinyDNS                                   93    0.04%
Fasthosts Envisage DNS server             77    0.03%
QDDNS                                     76    0.03%
simple DNS plus                           74    0.03%
Meta IP/DNS                               69    0.03%
pliant DNS Server                         59    0.02%
QuickDNS                                  50    0.02%
small HTTP server                         44    0.02%
JDNSS                                     43    0.02%
MaraDNS                                   41    0.02%
Viking DNS module 2                       32    0.01%
Microsoft DNS Server SP 6.0               30    0.01%
NSD                                       25    0.01%
Netnumber ENUM server                     25    0.01%
Nildram DNSv0.9                           23    0.01%
incognito DNS Commander                   22    0.01%
Microsoft Windows 2K3 (probably)          18    0.01%
AOL2                                      13    0.01%
Posadis                                   12    0.00%
dnscache                                  10    0.00%
dnrd                                       7    0.00%
UltraDNS                                   6    0.00%
nomde DNS tunnel                           5    0.00%
DeleGate DNS                               5    0.00%
Viking DNS module                          4    0.00%
Microsoft DNS serverz 2.0b1 NT4/SP3        4    0.00%
dproxy                                     4    0.00%
jnamed (dnsjava)                           3    0.00%
Nominum ANS                                2    0.00%
NonSequitur DNS                            2    0.00%
Net::DNS::Nameserver                       1    0.00%
Microsoft Server 2000                      1    0.00%

Note that the above percentages include only those nameservers for which we could determine a version. In fact, we could not determine the version for almost 33% of the nameservers that we found.
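
The version.bind exchange and the precedence rule described above, as an added example that is not the survey's own code. It shows the single query in DNS wire format, a parser for the TXT answer, and the "fpdns first, then version.bind if it looks like a version string" rule. The function names and the regular expression for "looks like a version string" are assumptions, and the reply is built locally rather than captured.

```python
import re
import struct

TXT, CHAOS = 16, 3  # QTYPE TXT, QCLASS CH

def build_query(qid=0x1234):
    """Wire-format query for version.bind, TXT record, CHAOS class."""
    qname = b"\x07version\x04bind\x00"
    return struct.pack(">6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack(">2H", TXT, CHAOS)

def skip_name(msg, off):
    """Offset just past a domain name (labels, or a 2-byte compression pointer)."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_reply(msg):
    """First TXT string of the first answer, or None on error or empty reply."""
    _, flags, qd, an, _, _ = struct.unpack(">6H", msg[:12])
    if flags & 0x000F or an == 0:          # RCODE != 0 (e.g. REFUSED) or no answer
        return None
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # skip QTYPE + QCLASS
    off = skip_name(msg, off)
    rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
    if rtype != TXT or rdlen == 0:
        return None
    slen = msg[off + 10]                   # TXT RDATA is a length-prefixed string
    return msg[off + 11:off + 11 + slen].decode("ascii", "replace")

# Assumed heuristic (the survey does not publish its rule): dotted numbers, optional product name.
VERSION_RE = re.compile(r"^(?:[A-Za-z]+[ -])?\d+(?:\.\d+)+\S*$")

def classify(fpdns, version_bind):
    """fpdns wins when present; else version.bind only if it looks like a version."""
    if fpdns:
        return fpdns
    if version_bind and VERSION_RE.match(version_bind.strip()):
        return version_bind.strip()
    return "unknown"

def constructed_reply(text, rcode=0):
    """Build a sample reply locally (constructed test data, not captured traffic)."""
    rdata = bytes([len(text)]) + text.encode()
    hdr = struct.pack(">6H", 0x1234, 0x8400 | rcode, 1, 0 if rcode else 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack(">HHIH", TXT, CHAOS, 0, len(rdata)) + rdata
    return hdr + build_query()[12:] + (b"" if rcode else rr)
```

With this heuristic, an obscured answer such as "A good version" falls through to "unknown" unless fpdns supplied a result, which is how a server can end up in the "unknown" row of the table.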


© 2020 The Measurement Factory.